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FLEXIBLE INTERFACE FOR SECURE INPUT OF PIN CODE 



The invention is related to interfaces between man 
and machine such as computer, telephone or television 
5 devices, which need a Personal Identification Number 
(PIN) to authenticate the user running an 
application. 

By running an application, one should understand 
to continue or to have access to an application or to 

10 specific resources of an application. 

The invention is more particularly but not 
exclusively related to a system and a method used in 
an interactive information system such as an 
entertainment system. 

15 Requirements for security in interactive 

entertainment systems are contradictory. 

This is because, in order to run an application, 
an authentication of the user/ viewer is needed while 
using the specific look and feel of the application. 

20 However, it is also preferred that the PIN code 

should not be given to the application for security 
purpose . 

In fact, two types of solutions are presently 
known for authentication. Both present drawbacks, as 
25 they are only capable of fulfilling part of the above 
requirements . 

Either the application presents its own user 
interface for PIN entry, then queries the underlying 
system to check if the given PIN is correct . 
3 0 This solution does not hide the PIN code from the 

application. 
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Or the application requests the underlying system 
to authenticate the viewer. For this the underlying 
system, using its own look and feel, prompts the 
viewer for its PIN, verifies its validity and then 
5 returns the information that the viewer is authorised 
or not to the application. 

This solution is safe, but does not allow 
integration of the PIN entry with the application 
look and feel . 

io In other words and referring to figure 1, it is 

shown a system which presents a good look and feel , 
but which is not safe, as the PIN code is known by 
the application. 

More precisely, the application 1 has total 

15 control of the look and feel. 

The viewer provides his PIN code through input 
means 2 in digital data to the application via an 
input device, for instance transmitted as infrared 
signals 3 to the device on which runs the application 

20 which displays in 4 the look and feel for the PIN 
entry field. 

Such application, which is now aware of the PIN 
code, transmits it in 5 to security manager means 6 
which, after checking, confirms in 7 authorisation 
25 from the system 8 . 

The PIN code {Input means 2) is therefore provided 
outside of the system 8, which is unsecured, and may 
allows third parties to have access to the PIN code. 
Figure 2 displays the other way of functioning of 
3 0 a known system of the prior art. 
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Here, the application 1 has no control over the 
look and. feel, contrarily to the precedent case. 

The application 1 requests in 9 the system 8 to 
identify the user. 
5 The security manager means 6 uses the input means 

2 (PIN Code) , provided in 3 and the display screen to 
create in 4 a display of the PIN entry field. 

When the security manager means 6 has checked the 
PIN code, it gives authorisation (7) to display or to 
10 access to resource to the application 1 . 

On a security point of view this system is good 
as, at no point, the system 8 gives out the PIN code 
to the application. 

However, the look and feel is here totally under 
15 system control, without any consideration for the 
current application look and feel . 

It is therefore a main object of the present 
invention to provide an improved system and method 
for authorising a secure way of authentication for an 
20 access to an application through a PIN code while 
using the look and feel of said application during 
the PIN code interrogation. 

It is another object of the invention to provide 
an improved system and method wherein the safety 
25 needed for PIN code entry, is combined with perfect 
integration of the prompt with the service. 

It is another objet of the invention to provide a 
simple and cost saving flexible interface for secure 
input of a PIN code. 
30 The problems outlined above are in large part 

solved by a system for authenticating a PIN code of a 
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user in an interactive information system, in order 
to run an application which comprises : 

• input means for PIN code entry, 

• security manager means for comparing the PIN 
5 code of the user, upon a request for user 

authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if said PIN code of the user matches 
the registered PIN code, 
10 • and display means for displaying any graphics 

including a PIN entry field, 
characterised in that 

the request for user authentication being provided on 
the display means via the PIN entry field with the 
15 look and feel of said application, the system further 
comprises emitting means for entering crypted digits 
in said PIN entry field upon entering the PIN code of 
the user in the security manager means through said 
input means, 

20 and the security manager means are arranged to give 
authorisation to run the application after full entry 
of said crypted digits and if the PIN code of the 
user is identical to the registered PIN code. 

With such system the PIN code remains hidden from 

25 the environment, the user having only the impression 
to enter physically his PIN code within the PIN entry 
field of the application. In fact, it remains in the 
security manager means, which is within the system. 
In a preferred embodiment the application is a 

30 television program. 
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The invention also provides a method for 
authenticating a PIN code of a user in an interactive 
information system, in order to run an application, 
wherein said information system emits a request for 
5 authenticating a user, 

said user enters a PIN code through input means, 
said PIN code of the user is compared with a 
registered PIN code, within security manager means, 
and authorisation is provided to run said application 
10 if the - PIN code of the user matches with the 
registered PIN code, 
characterised in that 

- the request for authenticating being provided with 
a PIN entry field having the look and feel of the 

15 application, 

- crypted digits are entered in said PIN entry 
field, upon entering the PIN code by the user in the 
security manager means, 

and authorisation to display the application is 
20 only provided after full entry of said crypted 
digits, and if the PIN code signal of the user is 
identical to the registered PIN code as checked by 
the security manager means. 

The invention will be better understood from 
25 reading the following description of a particular 
embodiment given by way of non limiting example, and 
which refers, additionally to the above mentioned 
figures showing the prior art, to the accompanying 
drawings in which : 
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- Figures 1 and 2, already mentioned, are 
schematic drawings figuring the architecture of the 
PIN code interface of the prior art . 

- Figure 3 is a schematic drawing showing the 
5 architecture of the system according to the present 

invention . 

- Figure 4 is a schematic drawing showing an 
interactive television system for implementing the 
invention. 

10 - Figure 5 is a flowchart related to the 

application according to the embodiment of the 
invention more particularly described here. 

- Figure 6 is a flowchart implemented by the 
security manager means according to the embodiment of 

15 the invention more particularly described here. 

Figure 3 shows a system 10 arranged to 
authenticate the user before running an application 
11, according to the invention. 

The application 11 initiates a PIN entry request 
20 12 to authenticate the user request and 
simultaneously asks the security manager means 13 to 
handle key input 14 to be introduced through Input 
means 15, for instance through a key pad. 

The security manager means 13 comprises a small 
25 computer system including a central processing unit 
(CPU), memory and local storage. It is connected to 
input/output ports. 

It is programmed in order to provide the different 
steps according to the method of the invention. 
30 The application having total control over the 

graphics displayed and their look and feel, the look 
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and feel 16 for PIN entry is provided on display 

means 17 according to the application. 

The display means can be a TV screen, an LCD 

screen of a remote portable telephone, etc. 
5 As the security manager means 13 is asked to enter 

the PIN entry mode, it grabs key inputs 14, analyses 

these inputs for user authentication and relays in 18 

the key presses to the application. 

The security manager means does not relay the key 
lo values, which therefore remains within the system, 

but only relays the fact that a key has been pressed, 

letting for instance the application display an X for 

each key pressed, in the PIN entry field. 

This way the application does not learn about the 
15 PIN, but can give user feedback 19 to the display 

means 17. 

When the security manager means 13 recognises the 
PIN, it informs in 20 the application that the 
user/viewer has been authenticated. 
20 The application can then run, be displayed and/ or 

operate . 

Figure 4 shows schematically an interactive 
television system 21 including a system S according 
to the embodiment of the invention more particularly 
25 described here. 

A broadcaster 22 transmit through a satellite 23 
the signal corresponding to the look and feel of an 
application request (arrows 24) , for instance a Pay 
TV program. 
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The signal is provided to a digital interactive 
decoder 25, currently packaged in a set-top connected 
to a television 26. 

It delivers true interactive television using the 
5 broadcast -oriented infrastructure currently 

predominant in the television industry. 

The decoder 25 comprises in a manner known per se, 
a demultiplexer 27 and an application programming 
interface 28, stored in a local memory {RAM, EPROM 
10 FLASH memory, . . . ) , such as the one proposed by the 
applicant OPEN TV, and which provides a library of 
functions which can display graphics on the 
television screen, control audio/video services, 
accept user input and communicate with the outside 
is world. 

The decoder 25 also comprises a CPU 29, 
Audio/Video decoding means 30, connected through 
audio video output 31 to the television set 26, 
storage means 32 for storing an operating system for 
20 the CPU 29, such as the one provided by OPEN TV. 

The CPU 29 further includes part of the security 
manager means 33 as described in the invention. 

The decoder 25 also comprises Input means 34 such 
as infrared sensors arranged to receive infrared 
2 5 signals 35 emitted by a remote control apparatus 36 
having a key pad 37, and display function means 3 8 
controlled by the CPU. 

The decoder 25 also comprises output means having 
a modem and/ or a multiplexer 3 9 for providing back 
30 return signals 4 0 on a return channel to the 
broadcaster 22 and/or a server. 
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The broadcast system may be, of course based on 
satellite or cable or some other medium. 

Figure 5 shows a block diagram according to an 
embodiment of the invention to be included in an 
5 application to authenticate the users to continue or 
to have access to specific resources which needs 
authentication by a PIN code. 

The application first uses some display function 
(block 41) to present a PIN entry field to the 
10 viewer. 

It then asks the security manager means to enter 
the PIN entry mode and check in 43 if keys are 
pressed . 

As keys are pressed, it gives {block 44) feedback 
15 using the display function. 

If the user is not authenticated (step 45) , it 
comes back (loop 46) to check 43. 

If the user is authenticated (in 47) , there is an 
OK from the security manager means and the 
20 application can go on (step 48) . 

An example of a block diagram of the security 
manager program is provided on figure 6 and is 
performed entirely (and secretly) within the System 
S. 

25 At the application request in 49, the security 

manager means enters a PIN entry mode (step 50) . 

The PIN repertory is then initialised to empty in 
51 and the system wait for a key to be pressed (check 
52) . 
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If the key is an « ending » key {for instance OK 
or enter) , {check 53) there is a release of the key 
input grabbing (step 54) . 

If not there is a loop 55 for more key. 
5 After release of the' key input grabbing, the 

security manager means checks in 56 the entered PIN 
against the user's PIN. 

It then either returns success (step 57) , or 
failure (step 58) to application (step 45 of the 
10 application), before exiting PIN entry mode in 59. 

It will now be described the functioning of the 
system while referring to figure 4 . 

At the broadcast site, pay TV programs of a 
Specific Provider are stored. 
15 The pay TV programs are encoded into a digital 

bitstream which is compressed and multiplexed with 
the signal of the PIN code field of the Specific 
Provider, including its logo and a menu to allow the 
viewer to have access to other movies of the 
2 0 provider, to form a single bitstream. 

This single bitstream is then broadcasted to all 
subscribers. At each customer's site, the bitstream 
is received by the decoder 25 where the audio and 
video are decompressed and the PIN code field is sent 
25 to the customer's television set 26. 

The request for the PIN code of the user is 
therefore prompted to the viewer. 

The viewer then, for instance through a remote 
control apparatus, can enter his PIN code by pressing 
30 keys. 
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At each pressing, a cross appears in the PIN entry 
field on the TV Screen. 

Meanwhile the Security manager means 3 3 compares 
the PIN code with a preregistered user's PIN code 
5 entered before in the decoder for instance via a 
modem . 

If the PIN codes matches, signals are sent to the 
application decoding process 30, and such decoding 
process is then authorised for displaying the 

10 application on the TV set. 

Additional advantages and modifications will 
readily occur to those skilled in the art. Therefore 
the present invention in its broader aspects is not 
limited to the specific details, representative 

is devices and illustrated examples shown and described 
herein. 

For instance, it also includes application to PIN 
code entry for obtaining specific services through 
mobile phone, for instance via GSM, or other specific 
20 services via Television and/or Internet. 
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CLAIMS 

1. A system {10, S) for authenticating a PIN code 
of a user in an interactive information system in 
5 order to run an application (11) , 
wherein it comprises 

- input means (15, 34, 35, 36, 37) for PIN code 
entry, 

- security manager means (13, 33) for comparing 
io the PIN _ code of the user upon a request for user 

authentication from the application, with a 
registered PIN code, and giving authorisation to run 
said application if the PIN code of the user matches 
with the registered PIN code, and 
15 - display means (17, 29, 38) for displaying any 

graphics including a PIN entry field, 
characterised in that 

the request for user authentication being provided on 
the display means via the Pin entry field with the 
20 look and feel of said application, the system further 
comprises emitting means (29, 38) for entering 
crypted digits in said PIN entry field upon entering 
the PIN code of the user in the security manager 
means through said input means, 

25 and the security manager means (13, 33) are arranged 
to give authorisation to run the application after 
full entry of said crypted digits and if the PIN code 
of the user is identical to the registered PIN code. 
2. A system according to claim 1 characterised in 

30 that the application is a television program. 
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3. A system according to claim 1, characterised 
in that the application is a service provided on 
mobile Telephone. 

4 . A method for authenticating a PIN code of a 
5 user in an interactive information system, in order 

to run an application, 

wherein said information system emits a request for 
authenticating a user (41) , 

said user enters a PIN code (43) through input means, 
10 said PIN code of the user is compared (45) with a 

registered PIN code within security manager means, 

and authorisation is provided to run said application 

if the PIN code of the user matches with the 

registered PIN code, 
15 characterised in that 

the request for authenticating being provided with 

a PIN entry field having the look and feel of the 

application, 

- crypted digits are entered (44) in said PIN entry 
20 field, upon entering the PIN code by the user in the 
security manager means, 

and authorisation to display the application is only 
provided (47) after full entry of said crypted 
digits, and if the PIN code of the user is identical 

25 to the registered PIN code as checked by the security 
manager means . 

5. A method according to claim 4, characterised 
in that, for presenting the request for 
authentication, the application undertakes the 

30 following steps : 
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- presenting a PIN entry field to the user (41) , 
asking the security manager means to enter a PIN 

Entry Mode (42) , 

the input means comprising keys, checking if keys 
5 are pressed by the user (4*3) , 

- while keys are pressed, giving feedback in 
entering said crypted digits in said PIN entry field 
(44} , and, 

- if the user is authenticated (45) by said security 
10 manager means, giving said authorisation (4 7) to 

display (48) the application, 

6 . A method according to any of claims 4 and 5 , 
characterised in that, for providing the 
authorisation to display the application the security 
is manager means undertakes the following steps : 

- at the request of the application entering a PIN 
entry mode (50) , 

- initialising to empty a PIN repertory (51) and, 
the input means comprising keys, waiting for a key to 

20 be pressed by the user (52) , 

upon occurrence of pressing an « ending key », 
checking if a release occurs (53) , checking the 
entered PIN against the user's PIN (56), and if 
success authorising the application to run. 

25 7. A method according to any of claims 4 to 6 , 

characterised in that the application is a Television 
program . 

8. A method according to any of claims 4 to 6 , 
characterised in that the application is a service 
30 provided on a mobile telephone. 
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